4 March 2026
Phishing emails target human psychology, not technology. And human psychology hasn’t changed in the past ten years, unlike firewalls and antivirus software.
Wouldn’t you hold the door for someone carrying a stack of documents and feel good about doing a kind thing? Or hold the elevator for a colleague rushing to the office? Now imagine that the person you just helped has entered your office without an access card. Or that those documents contain sensitive contracts from your company. That’s exactly how social engineering works: it exploits our natural tendency to help, trust, and respond quickly.
Phishing is just the tip of the iceberg. Everyone has heard about the classic scam of the prince who promises you great wealth if you only send a small transaction fee first. After all, what’s €100 compared to the riches of a Saudi prince, right? Most people know the term phishing, but few realize that phishing is just one technique within the broader arsenal of social engineering.
The problem isn’t that people don’t understand the risk. The real issue is context and psychological pressure. Modern phishing is no longer about obviously fake emails full of grammar mistakes. It’s an email from “IT support” with your company logo, arriving late on a Friday with the subject line: “Urgent: Your account will be blocked by 5:00 PM.” It’s a text message from a “courier” asking you to confirm the delivery address for a package you’re actually expecting. Or it’s a call from a “bank representative” just three days after you genuinely contacted your bank.
Attackers exploit powerful psychological triggers:
Authority – “Your manager needs this urgently.”
Urgency – “This must be completed within 30 minutes.”
Fear – “Your account has been compromised.”
Reward – “You’ve received a bonus.”
Habit – A notification from an app you use every day.
That’s why phishing still works in 2026. Not because people are naive, but because we’re human. And humans are often much easier to hack than systems.